[Git][reproducible-builds/reproducible-presentations][nevermind-the-checkboxes] Flesh out what reproducible builds are.

Chris Lamb (@lamby) gitlab at salsa.debian.org
Sat Aug 2 16:14:51 UTC 2025 


Chris Lamb pushed to branch nevermind-the-checkboxes at Reproducible Builds / reproducible-presentations


Commits:
8a417215 by Chris Lamb at 2025-08-02T09:14:33-07:00
Flesh out what reproducible builds are.

- - - - -


1 changed file:

- 2025-08-02-fossy-nevermind-the-checkboxes/Nevermind-the-Checkboxes-heres-Reproducible-Builds.org


Changes:

=====================================
2025-08-02-fossy-nevermind-the-checkboxes/Nevermind-the-Checkboxes-heres-Reproducible-Builds.org
=====================================
@@ -276,10 +276,23 @@ https://reproducible-builds.org/docs/definition/
 
 \vspace{\baselineskip}
 
-A build is reproducible if given the same source code, build
+A build is reproducible if, given the same source code, build
 environment and build instructions, any party can recreate bit-by-bit
 identical copies of all specified artifacts.
 
+The crucial reason for caring about this, however, is that if multiple people
+can all build the same, bit-for-bit, identical copy of the software, then that
+is pretty strong evidence that none of those builds have been tampered with,
+and none of those people have been hacked.
+
+This, in turn, then allows other people to trust those builds and install that
+software on their machines, without building the software themselves.
+
+For example, if I can build exactly what the Debian build servers are building,
+that is evidence that they have not yet been hacked. Centralised build servers
+are, of course, very juicy targets for malicious actors.
+
+
 ** image
     :PROPERTIES:
     :BEAMER_col: 0.3



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/8a417215c8e4c21d50dc7a11134dc004a5aa6683

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/8a417215c8e4c21d50dc7a11134dc004a5aa6683
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20250802/d16985ec/attachment.htm>

More information about the rb-commits mailing list